I don’t work much with roles and authentication. I normally just want to get all the required roles and send information to the authentication person/group that something is missing. So this may be obvious to some of you authentication gurus, but hopefully it can enlighten someone else. If I’m wrong is some areas please comment.

At my current project, we needed to have all roles as custom. I did not know how the roles works on java, and how clients uses this data. I decided to spend a few minutes on learning more on the topic.

We want to make a call to the proxy engine on Java. So we need to have the role SAP_XI_APPL_SERV_USER on the user that calls the proxy. My initial thought was the application was checking for the role name.

This was fortunately not the case. Hopefully it I is just me, who have done it a few times. The applications from SAP is checking on capabilities. The look like the following.

There does not seem to be a copy button on the role. There is an export, modify and import functionality. Watch the 3. minutes video to see how it works.